Technology

Introduction

Motivation

How about secure access from outside into our own home network? Then we can maintain machines, change configurations, fetch files and so on from wherever we are. For this we establish a VPN tunnel between a local RPi in our network and a hosted server. If this hosted server offers a web-based console, we only need a web browser to access our own resources at home.

The idea of the project comes from my colleague Michael and I would like to thank him for the first inputs to get that running.

Starting point

Instead of messing up your official hosted server, I can only recommend starting with one of the cheap offers. I use www.digitalocean.com for such server playgrounds, which has a really nice package for only $5 per month. But in reality you pay only cents, because only running systems count. So my account, initially charged with $5, still has more than $4 for further tests.

But besides this, they also make it very easy to get a new machine up. For the creation you only define the name, choose the “hardware” specification and select the operating system – and seconds later you receive a mail with the credentials and the information that your machine is up and running. Amazing!

In case you are interested in testing this provider, let me know. Currently I can send you an invitation with a value of $10, or use this link https://www.digitalocean.com/?refcode=5fde389ac6da (be aware, they request your credit card details but don’t charge it; it is only for future business with you, and you can delete the details later). $10 is enough for a long play period.

Realization

Preparing the server

For this sample I choose a Debian-based machine with the smallest hardware specification in New York.

By the way: having a server somewhere outside your country of residence offers you some interesting benefits. Why? Because you get an IP which keeps the visited page from tracking where you really come from – you obfuscate the one your router gets from your provider – and location-based services could offer you other things. So far I found the following:

Cheaper flight tickets: Typical price-watching portals try to offer you the prices from the area you come from, but the prices vary. www.skyscanner.com offered me a 10% better offer for the same connection from another location.

Avoid blocked YouTube videos: In Germany the GEMA (and others) let YouTube block a lot of videos because of licensing issues (http://en.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany). Notably for videos with music you end up with “Dieses Video ist in Deutschland leider nicht verfügbar” (“Unfortunately, this video is not available in your country.”).

Okay – so let’s take this configuration now:

Not half a minute later your machine is online with a public IP address (here 104.131.97.68), and after a few minutes you get the mail with your credentials.

Connect to the new server, update it and install OpenVPN

Now ssh to this machine, confirm the following question with yes and update your password. Use the IP and password you get via mail.

With the next command we create the Diffie-Hellman parameters. On the Digital Ocean server this is done in seconds. I did the same on a Raspberry Pi for a similar project and had to wait around half an hour. So you can imagine how powerful the Digital Ocean equipment is!

./build-dh

which creates the following file:

-rw-r--r-- 1 root root 245 Dec 5 13:57 dh1024.pem
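
The file name and the 245-byte size in the listing above both correspond to a 1024-bit group, which is below the 2048-bit size generally recommended for Diffie-Hellman today. The following check is an added example, not part of the original post: it reads the prime size out of a `DH PARAMETERS` PEM file. `MIN_BITS`, the function names and the sample generator are assumptions, and the sample prime is constructed for testing, not a real DH prime.

```python
import base64

MIN_BITS = 2048  # assumed policy floor, not a value from the original post
HEAD, TAIL = "-----BEGIN DH PARAMETERS-----", "-----END DH PARAMETERS-----"

def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _der_int(v):
    """DER INTEGER for v > 0; the extra octet keeps the sign bit clear."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(raw)) + raw

def make_sample_pem(bits):
    """Constructed test input shaped like build-dh output; p is NOT a real prime."""
    body = _der_int((1 << (bits - 1)) | 1) + _der_int(2)
    b64 = base64.b64encode(b"\x30" + _der_len(len(body)) + body).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([HEAD] + rows + [TAIL]) + "\n"

def _read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def dh_modulus_bits(pem_text):
    """Bit length of the prime p in a PKCS#3 'DH PARAMETERS' PEM file."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != HEAD or lines[-1] != TAIL:
        raise ValueError("not a DH PARAMETERS PEM block")
    seq, _ = _read_tlv(base64.b64decode("".join(lines[1:-1])), 0, 0x30)
    p_raw, nxt = _read_tlv(seq, 0, 0x02)
    _read_tlv(seq, nxt, 0x02)  # generator g, read only to validate the structure
    return int.from_bytes(p_raw, "big").bit_length()

def is_acceptable(pem_text, min_bits=MIN_BITS):
    """True when the group is at least min_bits; a 1024-bit file fails this check."""
    return dh_modulus_bits(pem_text) >= min_bits
```

On the server, pass the contents of the generated file to `is_acceptable()`; a 1024-bit file such as the one listed above returns `False`.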

Creating the keys for the client

Later we need the keys for our client, so let’s create them now too. The name of our Raspberry Pi will be alarmpi, so we use this name for the key too. Again you have to confirm the last two questions with “y”.

Outside visible IP

There are some of these “what is my IP address” services available, which show you the IP of your entry point to the internet. Usually that is the IP your router got. But with tunneled traffic it should be the IP of our OpenVPN server – the IP of our Digital Ocean server. Let’s check this.